XSS - main page - search[user_id] parameter

Disclosed: 2019-03-03 19:22:40 By paulochoupina To olx
Critical
Vulnerability Details
Hi, how you doing? This is a pretty straightforward XSS in the main page.

Affected parameter: search[user_id]

Direct Link: https://www.olx.pt/braga/?search[user_id]=1zqjeu'"(){}<x>:/1zqjeu;9</SCript><svG/onLoad=prompt(9)>, ;prompt(9);&view=galleryWide

Tested in updated Firefox.

## Impact

XSS allows an intruder to inject HTML and client-side scripts in the browser of a victim, allowing for example the stealing of session cookies etc etc.
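The server-side handling that stops this class of reflection, as an added example that is not part of the original report and not OLX's code: allow-list validation of `search[user_id]` followed by context-aware encoding. The function names and the rendering contexts (HTML text/attribute, inline script) are assumptions, since the report does not show how the value was echoed.

```javascript
// Added example: validate the reflected parameter, then encode for the
// output context. Rendering contexts are assumed, not taken from the report.

// Constructed input: the value quoted in the report, after URL-decoding.
const REPORTED_VALUE =
  `1zqjeu'"(){}<x>:/1zqjeu;9</SCript><svG/onLoad=prompt(9)>, ;prompt(9);`;

// 1. Validate: a user id is a short run of digits and nothing else.
//    Anything that fails the allow-list is rejected, never "cleaned".
function parseUserId(raw) {
  if (typeof raw !== "string" || !/^[0-9]{1,18}$/.test(raw)) return null;
  return raw;
}

// 2. Encode for HTML text or a quoted attribute value.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// 3. Encode for an inline <script> block. JSON.stringify handles quotes and
//    backslashes; <, >, & and U+2028/U+2029 are additionally \u-escaped so a
//    "</script>" sequence in the data cannot terminate the block.
function toInlineScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hypothetical handler: reject invalid ids, encode valid ones on output.
function renderSearchState(rawUserId) {
  const userId = parseUserId(rawUserId);
  if (userId === null) return { status: 400, body: "invalid search[user_id]" };
  return {
    status: 200,
    body: `<script>var searchUser = ${toInlineScriptLiteral(userId)};</script>`,
  };
}
```

Validation alone would have blocked the reported value; the encoders cover parameters that must accept free text.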
Report Stats
  • Report ID: 477771
  • State: Closed
  • Substate: resolved
  • Upvotes: 137